11-22-2001 09:13 AM - edited 03-08-2019 09:15 PM
I've tried CSPM 2.3.x and 3.0 to define a PIX object with overlapping subnets. Let's say the subnet connecting to e0 is 10.5.0.0/16 and the subnet connecting to e1 is 10.5.5.0/24. In this case, the CSPM doesn't accept me. Is there any workaround, or do I need to give up CSPM? Due to historical reasons, I cannot alter the design of the subnets.
11-29-2001 01:55 PM
Configuring that directly on the PIX will give you problems, so that is why CSPM will not allow it. The PIX will be very confused as to which networks it owns where. Renumber that 10.5.5.0/24 subnet; make your own history.
11-29-2001 06:25 PM
echee,
So CSPM has a setting that forces it to check the configuration before you write to the device. That used to be a check box. If you are sure that the overlapping subnet is your only issue, I would disable the CSPM checking feature and then push the policy out. Remember to turn it back on immediately after writing the device.
Liberty for All,
Brian
12-03-2001 03:32 AM
Dear Brian,
Thanks for your reply. However, I can't even define the PIX object in the CSPM if the interfaces/networks attached to it are overlapped. Therefore, I can't further define the objects and the rulebase.
Thanks.
echee